build pipeline WIP

.github/workflows/build_package.yml

@@ -0,0 +1,48 @@
+name: build and publish container
+
+on: [push]
+env:
+  ## Sets environment variable
+  DOCKER_HUB_ORGANIZATION: ${{ vars.DOCKER_HUB_ORGANIZATION }}
+  DOCKER_HUB_REPOSITORY: obp-hola
+
+
+jobs:
+  build:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v3
+      - name: Set up JDK 11
+        uses: actions/setup-java@v2
+        with:
+          java-version: '11'
+          distribution: 'adopt'
+          cache: maven
+      - name: Build with Maven
+        run: MAVEN_OPTS="-Dmaven.test.failure.ignore=false -Xmx3G -Xss4m -XX:MaxPermSize=3G" mvn clean package
+      - name: Build the Docker image
+        run: |
+          echo "${{ secrets.DOCKER_HUB_TOKEN }}" | docker login -u "${{ secrets.DOCKER_HUB_USERNAME }}" --password-stdin docker.io
+          docker build . --tag docker.io/${{ env.DOCKER_HUB_ORGANIZATION }}/${{ env.DOCKER_HUB_REPOSITORY }}:$GITHUB_SHA --tag docker.io/${{ env.DOCKER_HUB_ORGANIZATION }}/${{ env.DOCKER_HUB_REPOSITORY }}:latest --tag docker.io/${{ env.DOCKER_HUB_ORGANIZATION }}/${{ env.DOCKER_HUB_REPOSITORY }}:develop
+          docker push docker.io/${{ env.DOCKER_HUB_ORGANIZATION }}/${{ env.DOCKER_HUB_REPOSITORY }} --all-tags
+          echo docker done
+
+      - uses: sigstore/cosign-installer@main
+
+      - name: Write signing key to disk (only needed for `cosign sign --key`)
+        run: echo "${{ secrets.COSIGN_PRIVATE_KEY }}" > cosign.key
+
+      - name: Sign container image
+        run: |
+          cosign sign -y --key cosign.key \
+            docker.io/${{ env.DOCKER_HUB_ORGANIZATION }}/${{ env.DOCKER_HUB_REPOSITORY }}:develop
+          cosign sign -y --key cosign.key \
+                      docker.io/${{ env.DOCKER_HUB_ORGANIZATION }}/${{ env.DOCKER_HUB_REPOSITORY }}:latest
+          cosign sign -y --key cosign.key \
+                      docker.io/${{ env.DOCKER_HUB_ORGANIZATION }}/${{ env.DOCKER_HUB_REPOSITORY }}:$GITHUB_SHA
+          cosign sign -y --key cosign.key \
+                      docker.io/${{ env.DOCKER_HUB_ORGANIZATION }}/${{ env.DOCKER_HUB_REPOSITORY }}:develop-OC
+          cosign sign -y --key cosign.key \
+                      docker.io/${{ env.DOCKER_HUB_ORGANIZATION }}/${{ env.DOCKER_HUB_REPOSITORY }}:latest-OC
+        env:
+          COSIGN_PASSWORD: "${{secrets.COSIGN_PASSWORD}}"

.gitignore

@@ -34,3 +34,5 @@ build/
 /src/main/resources/application-local.properties
 /src/main/resources/application-remote.properties
 /src/main/resources/cert/
+
+.application.env

Dockerfile

@@ -0,0 +1,7 @@
+FROM openjdk:17-jdk-alpine
+WORKDIR /
+COPY target/obp-hola-app-*-SNAPSHOT.jar obp-hola.jar
+COPY application.properties application.properties
+EXPOSE 8087
+ENTRYPOINT ["java","-jar","/obp-hola.jar"]
+#ENTRYPOINT ["/entrypoint.sh"]

application.properties

@@ -0,0 +1,27 @@
+server.port=${server.port}
+oauth2.public_url=${oauth2.public_url}
+obp.base_url=${obp.base_url}
+endpoint.path.prefix=${endpoint.path.prefix}
+
+mtls.keyStore.path=/etc/ssl/certs/keystore.jks
+mtls.keyStore.password=${mtls.keyStore.password}
+mtls.keyStore.alias=${mtls.keyStore.alias}
+mtls.trustStore.path=/etc/ssl/certs/truststore.jks
+mtls.trustStore.password=${mtls.trustStore.password}
+
+display_standards=${display_standards}
+force_jws=${force_jws}
+
+server.servlet.session.cookie.name=${server.servlet.session.cookie.name}
+
+logo.bank.enabled=${logo.bank.enabled}
+logo.bank.url=${logo.bank.url}
+
+### insert oauth2-related keys from API consumer registration below ###
+
+oauth2.client_id=${oauth2.client_id}
+oauth2.redirect_uri=${oauth2.redirect_uri}
+oauth2.client_scope=${oauth2.client_scope}
+oauth2.jws_alg=${oauth2.jws_alg}
+oauth2.jwk_private_key=${oauth2.jwk_private_key}
+

entrypoint.sh

@@ -0,0 +1,3 @@
+echo $KEYSTORE_BASE64 | base64 -d > /etc/ssl/certs/keystore.jks
+echo $TRUSTSTORE_BASE64 | base64 -d > /etc/ssl/certs/truststore.jks
+exec java -jar /obp-hola.jar